Granting Impersonator Privileges

In CES, impersonation is used as a way to allow remote Front-End applications to gain access to collections.

Example: When the search interfaces and the index are located on different servers, the Back-End server must be configured to accept queries from the Front-End servers. On each Coveo Master server, this is done by adding an impersonator for the identity running the AppPool of the remote process for each Front-End server.

To grant impersonator privileges to an account

1. On the Back-End server, open the Administration Tool (Windows Start menu > All Programs > Coveo Enterprise Search 7 > Administration Tool).

2. In the Administration Tool, select Configuration > Security.

3. In the navigation panel on the left, click Impersonators.

4. In the Impersonators page:

   

   1. Click Add.

   2. In the Add Identity dialog box, specify the user to which you want to grant impersonation privileges (see Using the Identity Picker Form).

      

      Notes:

      • In the Name box, enter the account in the domain\username form for the Coveo instance (Front-End server) from which you want to access this index for both: 

        • The account running the CES Service (see About the CES Service Logon Account).

        • The account running the CES search application (CESAppPool in IIS) (see Finding or Modifying the CES Search Application Pool Identity).

      • When the account used is NT AUTHORITY\NETWORK SERVICE, enter the account name in the form domain\MachineName$ where MachineName is the name of the server from which you send queries (Front-End server).

   3. Click Add.

      The account name is added to the list of impersonators.